Latest posts

The best 35 information security blogs to follow

Whether you prefer bookmarks, RSS feeds, or mobile readers, keeping up with information security trends and developments is made infinitely easier through the work of great bloggers.

Continue reading

Social Navigation: City of Boston partners with Waze

The idea of posting information in a social venue while driving would seem, on the face of it, to carry a lot of risk – but is Waze actually making the streets safer? The City of Boston seems to think so.

Continue reading

Managing your online persona(s)

Many of us lead busy lives and managing your online person(s) might sound like just another chore that you don’t need. However, in today’s business and social environments, the time invested can save you a great deal of grief – or even help you land that dream job or meet Mr. or Mrs. Right.

Continue reading

Is it time for device vendors to stop “gifting” us with unwanted, risky software?

A few days ago, Yahoo! Tech reported that Lenovo has been selling laptops that come pre-installed with malware created by a company called Superfish, which is designed to inject advertisements in the web browser but also compromises the certificate-based security protocols that enable computers to detect imposter web sites and can make the computers vulnerable to HTTPS man-in-the-middle (MITM) attacks.

Continue reading

Security 101: Authentication (Part 2)

Welcome to part two of our three-part series on authentication. In this post we will review some of those that are used in networks.

Continue reading

Kaspersky Labs reports on unprecedented cyber robbery

The details were revealed this week in a report from Kaspersky Labs, which first got involved in tracking down how the attacks were happening back in 2013 when an automatic teller machine in Kiev was compromised in a high profile incident in which the ATM began to dispense money without any user action.

Continue reading

23 ways to be the IT department’s MacGyver

Here is a list of things you may want to keep nearby so that you too can pull off a “MacGyver”.

Continue reading

The Secret Question Threat

At its core, security is all about allowing convenient access to a system for all those who have legitimate access to it. Yet, at the same time, that convenience, in turn, also creates security risks.

Continue reading

February 2015 – Microsoft Patch Tuesday

Of the nine security updates that were issued today, there are four remote code execution vulnerabilities, two security feature bypasses, and one escalation of privilege and Information disclosure. Only three of the nine are classified as critical; the rest are rated important.

Continue reading

Is there a severity greater than critical?

It’s Patch Tuesday again and it’s really time you paid attention. A lot of attention. MS15-011 covers a security issue that, were I in charge of the ratings names, I would rate as Super-critical – because of the potential for exploitation more than its potential impact. If you have anyone taking a domain-joined workstation outside the corporate network, patch it now.

Continue reading